Troy Johnston

Joined Oct 22, 2021

·

Last activity Mar 23, 2023

Following

0

Followers

0

Total activity

28

Votes

9

Subscriptions

11

ACTIVITY OVERVIEW

Latest activity by Troy Johnston

Troy Johnston commented,

Community comment Feedback - Ticketing system (Support)

Salvador Vazquez Please can we re-issue your update without the jargon to ensure all parties internationally are understanding you.

EAP?  Extensible Authentication Protocol? - can't see relevance

Some may not understand GA.

H2?  Please provide month or date.  Sorry this must be a US terminology.

Please lift your game Zendesk.  People have been waiting a long time for this obvious weakness.  Clear commitment and communication is what we seek.

View comment · Edited Mar 23, 2023 · Troy Johnston

0

Followers

2

Votes

0

Comments


Troy Johnston commented,

Community comment Feedback - Ticketing system (Support)

Hello Barkha,

I emailed straight back, but perhaps it didn't get through.  Yes - please set up the Zoom.  I understand you're the PM.  I would certainly appreciate any attendance with us from IT Security or Architecture within the discussion.

Please let's communicate moving forwards not via a public forum.

Regards,

View comment · Posted Dec 28, 2022 · Troy Johnston

0

Followers

0

Votes

0

Comments


Troy Johnston created a post,

Post Feedback - Ticketing system (Support)

Hi Zendesk,

I have requested a conversation directly with your IT Security or Enterprise architecture team.  Please have them contact me directly.

2FA has been poorly implemented.  Business software should not permit users to have control over whether to use 2FA each login or not.  That is a decision of each company administrator.

Will Zendesk re-consider and take action on this yourselves?  

 

A very simple fix - provide admin the ability to set default on user ability to disable any trust by user to their device for 30 days.  Hence permit admin to lock this as "None" so that the sessions will expire as per the other 2FA settings.

It is interesting that Zendesk think of IT security as simply a 'feature' and not a mandatory component.  Users will never upvote IT security in comparison to bells n whistles features.... right now there is extreme risk to being hacked or otherwise breached.

Right now the implementation provides some misleading assurance of being secure and using sessions.  The current implementation does leave Zendesk open to potential legal action I would believe should Personally Identifying (PI) or sensitive data be stolen via a breach.

This would be straight-forward to remediate by implementing the common design that permits admin to enforce 2FA.

Please note that as a very small company we do not have intention or capability to implement SSO.  However we do have copies of PI and possibly sensitive information within our tickets and we do take information security seriously and would like to see Zendesk make an uplift here to properly secure your 2FA design - for everyone's benefit.

I'd like to see Zendesk take the lead here.

There have been other requests on this same question for 12 months without action.  Please do not leave IT Security for a popular up-vote before acting.

It is so important.

Regards,
Troy

Posted Dec 18, 2022 · Troy Johnston

2

Followers

4

Votes

2

Comments


Troy Johnston commented,

Community comment Feedback - Ticketing system (Support)

Hi Caroline,

It is interesting that Zendesk think of IT security as simply a 'feature' and not a mandatory component.  Users will never upvote IT security in comparison to bells n whistles features.... right now there is extreme risk.

It is not a great answer though, Zendesk.  Sincerely the 2FA implementation is flawed.  2FA in a business context is meant to be implemented as a scheme that permits administrators to make the use of this mandatory.  

The current implementation does leave Zendesk open to potential legal action I would believe should Personally Identifying (PI) or sensitive data be stolen via a breach.

This would be straight-forward to remediate by implementing the common design that permits admin to enforce 2FA.

Why will Zendesk not consider and take action on this yourselves?  

It would be a relatively simple change to lock down the user screens to no longer permit the 30 day 'trust'.

Please note that as a very small company we do not have intention or capability to implement SSO.  However we do have copies of PI and possibly sensitive information within our tickets and we do take information security seriously and would like to see Zendesk make an uplift here to properly secure your 2FA design - for everyone.

I'd like to see Zendesk take the lead here.

Regards,
Troy

View comment · Posted Dec 16, 2022 · Troy Johnston

0

Followers

3

Votes

0

Comments


Troy Johnston commented,

Comment Extending Zendesk

Hello.  As 2FA Session management has not been securely implemented (to mandate users must use 2FA with every login event) I would like to establish an automation to achieve:

At 7pm each night - destroy all active sessions.

Can you please provide guidance to this.
- I have established a webhook that calls the Sessions API and is authenticated via token.
- How to build the automation that is preferably time-dependent.  I imagine the logic will need to be something like:  Loop through all open sessions - destroy each active session.

I am not a developer, and at this time I can't see how to achieve this in automation.  Please do provide some detailed guidance - especially given the 2FA implementation is not secure.

Thanks,

View comment · Posted Dec 13, 2022 · Troy Johnston

0

Followers

0

Votes

0

Comments


Troy Johnston commented,

Comment Global security and user access

Hi Christine, Zendesk,

This is a significant security flaw in Zendesk implementation of 2FA.  2FA ought to be bundled with ability for administrator to mandate use of 2FA with every login event.  Leaving this up to the user breaks our security rules (and we are just a tiny company).

This leaves us exposed to hacking.

What we don't understand is the Sessions can clearly be set to expire.... and yet this does not sign out the user?  Or properly kill the session.  The implementation is flawed, unfortunately.

Will Zendesk take this seriously and implement an Admin enforcement?  This should never be a user decision.

View comment · Posted Dec 12, 2022 · Troy Johnston

0

Followers

5

Votes

0

Comments


Troy Johnston commented,

Comment Setting up Agent Workspace

Why then am I being informed my migration/upgrade will be automatically processed in early August?!  I understood this was not required.  As per Nikki above - we use email only - and I can only see a negative impact to our team by this change.   (Why are messages now located with the latest at the bottom?!) - There must be a configuration available for us to flip this as this will have a huge impact on us.
Please help.

View comment · Posted Jul 14, 2022 · Troy Johnston

0

Followers

1

Vote

0

Comments


Troy Johnston commented,

Comment Views, ticket status, and ticket fields

Agree with all

Christopher Reichle has honestly excellent points and well summarised the larger picture of feature request management practice and process by design.  

@... please don't take his comments personally.  I found his submission to be respectful, thoughtful, transparent, trusting and honest from his perspective. 

I do agree the evidence on this request and a range of others demonstrates that the ZD process of gathering customer feedback and decision making on features to enter the approved backlog warrants improvement.

I do hope ZD will incorporate change in this area.... be agile, be daring and be communicative to your customer's requests.

View comment · Posted May 29, 2022 · Troy Johnston

0

Followers

3

Votes

0

Comments